99 percent of domains are not protected by DMARC

Essentially every global domain is vulnerable to phishing and domain name spoofing. A new report incorporates data from Agari, revealing that 90 percent of its customers have been targeted by domain name fraud. Insight from Farsight Security indicates that less than one percent of all domains are authenticated and protected by Domain-based Message Authentication, Reporting & Conformance (DMARC).

“This report provides compelling evidence of the successes of DMARC adoption in protecting customers and brands, driving phishing rates near zero. However, with DMARC enforcement at only 27% of those firms who have adopted DMARC, it also shows how few enterprises have put these proven controls in place,” said Patrick Peterson, executive chairman, Agari.

According to Agari research, 92% of the Fortune 500 did not protect their domains with DMARC as of August 2017. However, 2017 saw two watershed moments: the Department of Homeland Security issued Binding Operational Directive 18-01 (BOD 18-01), which requires all federal domains to implement DMARC in 2018, and members of NH-ISAC (a cyber security forum for healthcare institutions) pledged to implement DMARC in 2018.

Key findings

The joint research focused on the second half of 2017, the six months ending December 2017. Additional findings include:

Healthcare is the most targeted industry – Among Agari customers, 92 percent of healthcare industry domains are targeted by domain name spoofing. The majority of messages (58 percent threat rate) sent on behalf of the healthcare industry are malicious or unauthorized, undermining trust in medical providers, insurance companies and pharmaceutical brands. It is not surprising that healthcare is the most targeted industry, since it is also the vertical least protected by DMARC, with protected domains hovering only between 10 – 20 percent.

Government domains are under attack – The government sector is the second most attacked industry, with 87 percent of domains targeted. One out of ten messages (12 percent threat rate) sent on behalf of federal domains is malicious or unauthorized – significantly higher than the global average of three percent.

Attack on government domains during the week of September 11 – The report reveals a major spike in attacks on federal domains during the week of September 11, 2017, when malicious email increased from 16 percent to 50 percent. The spike was the result of a massive attack (more than 8 million messages) on a federal agency, which was prevented by DMARC.